Millions of Connected Cameras Open to Eavesdropping

silversurfer

Level 73
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,230
Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency (CISA).

The bug (CVE-2021-32934, with a CVSS v3 base score of 9.1) has been introduced via a supply-chain component from ThroughTek that’s used by several original equipment manufacturers (OEMs) of security cameras – along with makers of IoT devices like baby- and pet-monitoring cameras, and robotic and battery devices.

The potential issues stemming from unauthorized viewing of feeds from these devices are myriad: For critical infrastructure operators and enterprises, video-feed interceptions could reveal sensitive business data, production/competitive secrets, information on floorplans for use in physical attacks, and employee information. And for home users, the privacy implications are obvious.

In its alert, issued Tuesday, CISA said that so far, no known public exploits are targeting the bug in the wild yet.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,368
for home users, the privacy implications are obvious.
IoT camera bugs are hardly rare: Last month, for instance, owners of Eufy home-security cameras were warned of an internal server bug that allowed strangers to view, pan and zoom in on their home-video feeds. Customers were also suddenly given access to do the same to other users.

These issues are way more serious then one can imagine. It's a real genuine problem and the Ring scandal wasn't too long ago with lowlifes, attacking children.
 
Top